Package name: mpg123
Date: 2009-12-08
Advisory ID: MDVSA-2009:093-1
Affected versions: 2008.0 i586, 2008.0 x86_64

Problem description

A vulnerability has been found and corrected in mpg123:

Integer signedness error in the store_id3_text function in the
ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause a
denial of service (out-of-bounds memory access) and possibly execute
arbitrary code via an ID3 tag with a negative encoding value. NOTE:
some of these details are obtained from third party information
(CVE-2009-1301).
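
The bug class described above, shown as an added C example; it is not mpg123's source and not part of the original advisory. The function names, the width table and the frame bytes are constructed for illustration. It shows why an upper-bound-only test on a signed encoding value lets a negative index through, beside an unsigned check that rejects it.

```c
#include <stddef.h>
#include <stdio.h>

#define N_ENCODINGS 4
/* Bytes per code unit for ID3v2 text encodings 0..3:
   ISO-8859-1, UTF-16 with BOM, UTF-16BE, UTF-8. */
static const int enc_width[N_ENCODINGS] = {1, 2, 2, 1};

/* Flawed pattern (hypothetical helper): the encoding byte is widened
   through a signed type and only the upper bound is tested.
   Returns 1 if the check lets the frame through; *idx receives the
   value that would then index the table. Nothing is dereferenced. */
int accept_signed(const unsigned char *frame, size_t len, int *idx)
{
    if (len < 1)
        return 0;
    int enc = (signed char)frame[0]; /* 0xFF becomes -1 on common ABIs */
    *idx = enc;
    return !(enc > 3);               /* -1 > 3 is false, so accepted */
}

/* Hardened form (hypothetical helper): keep the byte unsigned so one
   comparison rejects everything outside 0..3, then do the lookup.
   Returns the code-unit width, or -1 for an empty or invalid frame. */
int width_checked(const unsigned char *frame, size_t len)
{
    if (len < 1)
        return -1;
    unsigned int enc = frame[0];
    if (enc >= N_ENCODINGS)
        return -1;
    return enc_width[enc];
}

int main(void)
{
    /* Constructed frame bodies: first byte is the encoding field. */
    const unsigned char utf16[] = {0x01, 0xFF, 0xFE, 'A', 0x00};
    const unsigned char bogus[] = {0xFF, 'A'};
    int idx = 0;

    int ok = accept_signed(bogus, sizeof bogus, &idx);
    printf("signed check:   accepted=%d index=%d\n", ok, idx);
    printf("unsigned check: bogus=%d utf16=%d\n",
           width_checked(bogus, sizeof bogus),
           width_checked(utf16, sizeof utf16));
    return 0;
}
```

Building with `-Wsign-conversion` and running tag parsers under AddressSanitizer are common ways to surface this class of error during testing.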

The updated packages have been patched to correct this issue.

Update:

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.

Updated packages

2008.0 i586

 a7fff075fcde8a998210eb2f6a10a8f5  2008.0/i586/mpg123-0.66-2.1mdv2008.0.i586.rpm 
 33bfefebb4ee900c1ac91fc6bc404b3e  2008.0/SRPMS/mpg123-0.66-2.1mdv2008.0.src.rpm

2008.0 x86_64

 3043ea5891795b013b9b89fa226b28be  2008.0/x86_64/mpg123-0.66-2.1mdv2008.0.x86_64.rpm 
 33bfefebb4ee900c1ac91fc6bc404b3e  2008.0/SRPMS/mpg123-0.66-2.1mdv2008.0.src.rpm

References